
Epic API

Epic is the electronic health record platform used by most large hospitals and academic medical systems in the United States, with EHRs that serve more than 325 million patients. With an unofficial API, you can sync patients, encounters, orders, and results across MyChart, Hyperspace, and Cosmos, automate documentation and ordering workflows, retrieve clinical data without waiting on App Orchard or open.epic onboarding cycles, and ship integrations end to end.

By Alex Klarfeld, May 7, 2026

What is Epic?

Epic is the electronic health record platform behind a large share of academic medical centers, community hospitals, and integrated delivery networks. The company describes its mission as software to "help people get well, help people stay well, and help future generations be healthier," and reports that its EHRs currently serve more than 325 million patients across academic medical centers, community hospitals, dental clinics, mental health, payers, and urgent care.

Epic is employee-owned and developer-led, invests roughly 35% of operating expenses in R&D, and has been ranked #1 Overall Software Suite in KLAS for 16 years running. Most large US health systems standardize on Epic for inpatient, ambulatory, and patient-facing workflows.

Core product areas include:

  • Hyperspace — clinician-facing desktop EHR for inpatient and ambulatory care
  • MyChart — patient portal and mobile app for scheduling, messaging, results, and bill pay
  • Cosmos — de-identified research and analytics dataset across participating Epic health systems
  • Care Everywhere and TEFCA connectivity for cross-organization record exchange
  • open.epic — public developer surface with FHIR APIs supporting USCDI and CMS interoperability rules

Common data entities:

  • Patients (demographics, MRNs, identifiers, coverage)
  • Encounters (inpatient admissions, ED visits, ambulatory appointments, telehealth)
  • Providers and care teams (departments, specialties, scheduling templates)
  • Orders, results, medications, problem lists, allergies, immunizations
  • Clinical notes and documents (progress notes, discharge summaries, signed/cosigned)
  • Coverage, claims, and patient billing (charges, statements, MyChart payments)
  • Care Everywhere / TEFCA exchange records and external participant identifiers

The Epic Integration Challenge

Most US health systems run on Epic, but turning a hospital-grade EHR into an integration surface for a third party is hard:

  • Customer-gated access: open.epic and FHIR endpoints are exposed per health system, and each integration typically requires the customer hospital to whitelist your client, configure scopes, and route through their interoperability team
  • Per-tenant base URLs: Each health system runs its own Epic environment with distinct FHIR base URLs, OAuth issuers, and supported resource versions, so "the Epic API" is really N customer-specific APIs
  • Scope and resource gaps: Public FHIR coverage is anchored to USCDI and CMS rules; many useful entities (scheduling, in-basket messages, custom flowsheets, financial detail) sit behind partner agreements or aren't exposed at all
  • Strong enterprise security: MFA, IP allowlists, and SMART-on-FHIR launch contexts are required, and headless automation must respect customer entitlements
  • Bulk data and batch interfaces: Population-level pulls flow through FHIR Bulk Data ($export), HL7 v2 feeds, or scheduled extracts with timing windows and large-payload handling
  • Onboarding cycles: open.epic registration, customer security review, and go-live coordination commonly stretch a single integration into a multi-month, hospital-by-hospital rollout

How Supergood Creates Epic APIs

Supergood reverse-engineers authenticated browser flows, FHIR and SMART-on-FHIR endpoints, batch interfaces, and network interactions to deliver a resilient API endpoint layer that abstracts away per-tenant differences across Epic health systems.

  • Handles SMART-on-FHIR launch flows and MFA (SMS, email, TOTP) securely against per-customer Epic environments
  • Maintains session continuity with automated token refresh and change detection across Hyperspace, MyChart, and FHIR surfaces
  • Normalizes patient, encounter, order, result, document, and claim objects so you can integrate once and reach many Epic tenants
  • Aligns with customer entitlements, BAAs, and licensing constraints to keep access compliant with each hospital's interoperability program
  • Bridges FHIR Bulk Data, HL7 v2, and scheduled export flows with signed URL retrieval and incremental sync where applicable

Getting Started

  • Schedule Integration Assessment

Book a 30-minute session to confirm your target Epic health systems, the data and workflows you need, and your authentication and onboarding model.

  • Supergood Builds and Validates Your API

We deliver a hardened Epic adapter tailored to your customer footprint and entitlements.

  • Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as Epic releases, FHIR scopes, and per-tenant configurations evolve.


API Endpoints

Authentication

POST /authenticate

Establish a SMART-on-FHIR session against a customer Epic tenant using OAuth 2.0 (authorization code or backend services with JWT client assertion).
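
The backend-services option named above (OAuth 2.0 client credentials with a JWT client assertion), sketched as an added example that is not Supergood's or Epic's code. It pins the assertion's `aud` to one tenant's token endpoint and caps its lifetime at five minutes, so an assertion issued for one health system fails at another; the tenant URLs, client ID, key ID, and scope are constructed placeholders.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Sign an RS384 client assertion for ONE tenant. `aud` is that tenant's token
// endpoint, so the assertion cannot be replayed against another tenant.
function buildClientAssertion({ clientId, tokenEndpoint, privateKey, kid, now = Date.now() }) {
  if (new URL(tokenEndpoint).protocol !== 'https:') throw new Error('token endpoint must be https');
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS384', typ: 'JWT', kid };
  const claims = {
    iss: clientId,
    sub: clientId,
    aud: tokenEndpoint,
    jti: crypto.randomUUID(), // single-use ID so the server can reject replays
    iat,
    exp: iat + 300,           // lifetime of at most five minutes
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha384', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Form-encoded body for the client_credentials token request.
function tokenRequestBody(assertion, scope) {
  return new URLSearchParams({
    grant_type: 'client_credentials',
    scope,
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}

// The checks a token endpoint applies: signature, audience, bounded lifetime.
function verifyAssertion(jwt, publicKey, expectedAud, now = Date.now()) {
  const [h, c, s] = jwt.split('.');
  const sigOk = crypto.verify('sha384', Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, 'base64url'));
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  const t = Math.floor(now / 1000);
  return sigOk && claims.aud === expectedAud && claims.exp > t && claims.exp - t <= 300;
}

// Constructed sample: throwaway key pair and placeholder tenant endpoint.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const TENANT_A = 'https://fhir.tenant-a.example/oauth2/token';
const sample = buildClientAssertion({ clientId: 'demo-client', tokenEndpoint: TENANT_A, privateKey, kid: 'demo-key-1' });
```

In a real deployment the private key stays in a KMS or HSM, and the matching public key is the one registered with the tenant.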

Patients

GET /Patient

Read or search FHIR Patient resources by MRN, identifier, or demographics across configured Epic tenants.

Scheduling

GET /Appointment

Retrieve scheduled, completed, and cancelled appointments to drive scheduling, reminders, and MyChart workflows.

Encounters

POST /Encounter

Create or write Encounter context for inpatient, ambulatory, ED, or telehealth visits as part of integrated workflows.

Clinical Data

GET /Observation

Pull vitals, lab results, and other Observation resources with USCDI-aligned scopes for clinical and analytics use cases.

Billing

POST /Claim

Submit or reconcile Claim and coverage data tied to encounters, charges, and MyChart billing events.

Use Cases

FHIR R4 Clinical Data Access

  • Pull patient demographics, encounters, observations, conditions, medications, and document references via SMART-on-FHIR R4 endpoints
  • Normalize per-tenant FHIR base URLs into a single integration surface across multiple Epic health systems
  • Honor USCDI scopes and customer entitlements without rebuilding auth per hospital

MyChart Patient Engagement Workflows

  • Automate appointment scheduling, secure messaging, results delivery, and bill pay flows that originate in MyChart
  • Trigger reminders and follow-up actions tied to patient portal events without manual portal logins
  • Mirror MyChart-driven state changes back into your product in near real time

Care Everywhere & TEFCA Referrals

  • Retrieve cross-organization clinical history through Care Everywhere and TEFCA participants
  • Stitch external encounters and document references into a single longitudinal patient record
  • Reduce duplicate ordering and chase-the-chart work for referral and care navigation teams

Claims & Patient Billing Reconciliation

  • Sync coverage, charges, claims, statements, and MyChart payment events into your billing or RCM system
  • Reconcile outstanding balances and adjustments across Epic tenants without per-hospital ETL
  • Surface payer mix and self-pay collection data for finance and patient access teams

Technical Specifications

Authentication

SMART-on-FHIR with OAuth 2.0 authorization code and backend services (JWT client assertion); MFA against per-tenant Epic environments

Connectivity

Per-customer FHIR base URLs on open.epic, Hyperspace web/Hyperdrive, MyChart, and HL7 v2 interface engines

Response format

FHIR R4 JSON resources and Bundles; HL7 v2 pipe-delimited messages on legacy interfaces

Rate limits

Customer-gated and tenant-specific; throttled by Epic deployment policy and interoperability team configuration

Session management

Automatic OAuth token refresh, SMART launch context preservation, and re-auth on tenant policy changes

Data freshness

Near real-time on FHIR reads; FHIR Bulk Data ($export) and HL7 v2 feeds for population-scale and incremental sync

Security

TLS 1.2+, BAAs, customer entitlements, IP allowlists, and audit-aligned logging consistent with HIPAA and HITRUST

Webhooks

FHIR Subscriptions where enabled by tenant; HL7 v2 ADT/ORU/SIU feeds and scheduled exports otherwise

Latency

Sub-second on cached FHIR reads; multi-second to minutes for Bulk Data $export and large document retrievals

Throughput

Batch and bulk pulls scaled per tenant; Supergood handles pagination, chunked Bundle traversal, and signed URL retrieval

Reliability

Automatic retries, idempotent reads, and graceful handling of per-tenant outages and Epic upgrade windows

Adaptation

Continuous monitoring of customer-gated open.epic onboarding, USCDI scope changes, and per-tenant FHIR version drift

Frequently asked questions

Every health system runs its own Epic environment with a distinct FHIR base URL, OAuth issuer, and supported scopes. There is no single Epic API host - integrations must be configured per tenant, which is why Supergood normalizes these per-customer endpoints behind one interface.

Most production integrations require open.epic registration plus a sponsoring customer health system that whitelists your client and configures FHIR scopes. Some workflows additionally go through App Orchard partner agreements. Supergood works with you and your customer hospitals to navigate these onboarding steps.

TEFCA provides a national framework for cross-organization exchange that complements Epic's Care Everywhere network. Through Supergood you can pull clinical history that traverses TEFCA participants and Care Everywhere connections without standing up a separate QHIN-grade exchange stack.

FHIR is the right surface for modern application reads, SMART-on-FHIR launches, and USCDI-aligned data. HL7 v2 still drives legacy interface engines for ADT, orders, and results - Supergood bridges both so you can choose per workflow rather than per vendor.

Public FHIR coverage is anchored to USCDI and CMS interoperability rules, so custom modules, flowsheets, and in-basket workflows often sit behind partner agreements or aren't exposed publicly. Supergood combines authenticated browser flows and approved APIs to extend reach where customer entitlements allow.
